28 August 2019
As part of the SEC’s focus on protecting retail investors, in 2017, they examined over 50 RIAs to assess the supervisory practices of advisers who (at the time) currently or previously employed personnel with a history of disciplinary events (the “Supervision Initiative”). Nearly all of the advisers examined received deficiency letters.
The Risk Alert recently issued on July 23, 2019 was about the SEC’s findings from the Supervision Initiative which, covered the supervision of ALL employees, not just those with a history of disciplinary events.
Not surprisingly, the deficiencies primarily came back to:
- Inadequate policies and procedures
- Inadequate employee training
- Inadequate annual compliance reviews
Are we seeing a theme here? The SEC has issued several Risk Alerts this year, and inadequacy in these three areas seems to be the recurring issues. Your policies and procedures, employee training, and annual compliance review are the three pillars of a successful compliance program and, therefore, a successful SEC examination.
In this article, we will help you consider whether your policies, procedures, trainings, and reviews are sufficient with regard to supervision of your employee. Read on!
Supervision of Employees with Disciplinary History
Nearly half of the disclosure-related deficiencies were a result of advisers providing inadequate information (e.g., omissions, incomplete, confusing, or misleading information) about the disciplinary events of their employees. In part, this was because advisers were relying on the employees for this information.
Prior to hiring, conduct background checks, which may include one or more of the following:
- Confirming employment history
- Contacting personal references
- Verifying educational claims
- Acquiring disciplinary records
- Conducting financial background checks and credit checks
- Conducting internet search
- Reviewing social media sights
- Requiring finger printing
- Requesting copies of applicant’s Form U5, when applicable
- Reviewing U5 filings 30+ days after they are hired to identify termination notices filed after your hiring decision was made
- Check CRD/IARD for supervised persons’ filings
- Recheck CRD/IARD for supervised persons’ filings 3+months after hiring
If any of your existing employees have a disciplinary event:
- Do your own research to get the details about their event and not simply rely on the supervised person to self-report information sufficient to meet your fiduciary duty around full and fair disclosures.
- Get all the details, such as
- The total number of events
- The date for each event
- The allegations
- Whether the supervised person was found to be at fault
- Whether fines, judgments, awards, or other disciplinary sanctions were imposed
- Update Form ADV, Form U5, and any other required disclosures to clients, TIMELY.
Many advisers did not adopt and implement compliance policies and procedures that address the risk of employing personnel with prior disciplinary histories. For example, advisers did not have processes reasonably designed to identify whether the supervised person’s self-attestations that they were not the subject of reportable events or recent bankruptcies was in fact the case. Some supervised persons reported incorrectly to the adviser that they were not the subject of any reportable events during the reporting period or did not report information regarding recent bankruptcies.
For the general employee, training will be the key here. Remind your employees of the definition of a reportable event, the requirements around reporting them, and the consequences of non-compliance. Employees need to be reminded of the requirements and the importance of following them.
Have policies and procedures in place. The SEC’s findings showed that the examined advisers with written policies and procedures specifically addressing the oversight of supervised persons with disciplinary histories were far more likely to identify misconduct by supervised persons than advisers without these written protocols.
If you knowingly have someone on your staff with certain disciplinary histories, such as misappropriation, unauthorized trading, forgery, bribery, or making unsuitable recommendations, establish heightened policies and practices for overseeing such supervised persons. You should also consider whether its necessary to limit their responsibilities.
Firm-wide Supervisory Practices
While the initial intent of OCIE’s “Supervision Initiative” was to focus on firm’s who employed personnel with a history of disciplinary events, the staff also reviewed the advisers’ supervisory practices firm wide, observing supervisory issues related to all employees, not just those with disciplinary histories.
The staff observed that many advisers did not adequately supervise or set appropriate standards of business conduct for their supervised persons. The advisers’ policies and procedures did not sufficiently document the responsibilities of supervised persons and did not clearly outline the expectations for these individuals. Some of the issues staff observed included supervised persons:
- Charging undisclosed fees to clients or charging fees for services the client never received.
- Preparing their own adverting materials that did not comply with the advertising rule, and
- Working remotely and operating in a self-directed manner that was not consistent with the advisers’ policies and procedures.
This is about your policies and your annual review.
Confirm that your policies and procedures address the oversight of your employees, include thing such as:
- Limiting access to systems, folders, and files (including limiting access to ONLY those marketing materials that have gone through a compliance check and have been approved for distribution.)
- Having processes for approval such as the review and approval of marketing materials by designated personnel, review and approval of invoices to confirm accurate billing, periodic review of client restrictions to ensure adherence.
- Centralizing duties (e.g., trading, billing, performance calculations.) to minimize the risk of improper oversight and errors.
Incorporate reviews and testing, related to supervisory practices, into your annual review. For example:
- Review a sample of client invoices, quarterly, to confirm the fees being charged are in alignment with your clients’ agreements and calculated using appropriate values.
- Conduct email reviews to confirm adherence to your company policies. Keep an eye out for things such as:
- Unencrypted confidential information (e.g., account numbers) being sent outside of the firm.
- Violations of privacy
- Undisclosed gifts and entertainment
- Unauthorized or undisclosed payments to third parties, including political parties
- Unaddressed customer complaints
- Marketing and advertising language, either missing disclosures or not including the proper disclosures.
- Unreported trading errors
- Legal issues for the firm or a supervised person
- Possible insider trading
- Adopt written policies and procedures that address client complaints related to supervised persons. The SEC staff noticed that the advisers with such policies were consistently more likely to escalate matters of concern raised in these complaints than advisers without written protocols.
- Conduct due diligence reviews of your remote offices and personnel, particularly when supervised persons with disciplinary histories are located in branch or remote offices.
Many advisers had policies and procedures that clearly assigned individuals who were responsible for performing particular duties, but the firms did not implement the policies.
For example, although outlined within the advisers’ policies and procedures, the firms did not:
- review whether, at account opening, the type of account selected was appropriate (e.g., wrap vs. SMA),
- document that an assessment of the type of account took place, or
- document the factors considered in making these assessments.
The solution to this is your annual review. We suggest you develop a robust annual compliance review where you conduct sample reviews of all areas of your firm’s policies and procedures, including your onboarding procedures. If you would like some guidance on this, Part 2 of our 3-part series, How to Master the Annual Review and Promote a Culture of Compliance talks all about defining your testing and reviews.
Policies and Procedures
As they often do, the staff observed that several advisers had adopted policies and procedures that were inconsistent with their actual business practices and disclosures. The most common inconsistent practices included:
This included things like solicitation fees, management fees, compensation related to hiring personnel, and oversight of firm compensation practices, including such practices within branch offices.
- Customize your policies! Templates are a great place to start, but if you use them, make sure you tailor them (e.g., remove the sections that don’t apply, tweak the sections that do) so that the policies and procedures make sense for your unique business and are in alignment with your operations.
- Keep your policies SIMPLE. The more concise and practical your policies, the better your personnel will understand and adhere to them, and the easier they will be to review and update.
- At least annually, conduct a review of your policies and procedures, comparing them your ADV, any separate policies, and to your actual business practices.
- Once the review is complete, create a work-in-progress (“WIP”) version, and use track changes to redline any changes that arise throughout the year. That way, when next year arrives, you won’t have to try to remember everything that happened in the last 365 day, and it will take a fraction of the time to review and adopt the changes.
The staff observed that advisers’ annual reviews were insufficient because the firms did not take steps to adequately document the reviews and appropriately assess the risk areas applicable to the firms or identify certain risks at all.
We recommend developing your annual compliance review based on a well-thought-out risk assessment. Check out Part 1 of our 3-part series, How to Master the Annual Review and Promote a Culture of Compliance to make sure you have sufficiently identified and assessed your firm’s risks.
As you conduct the annual review, document your testing, including:
- A summary of the testing conducted,
- References to any supporting records,
- The results,
- Any exceptions, and
- The remedy (e.g. provided additional training to staff, enhanced or changed existing procedures, etc.)
Conflicts of Interest: Compensation Arrangements
The staff observed that several advisers had undisclosed compensation arrangements, which resulted in conflicts of interests that could have impacted the impartiality of the advice their supervised persons gave to their clients.
- Forgivable loans were made to the advisers or their supervised persons, the terms of which were contingent upon certain client-based incentives that may have unduly influenced the investment decision-making process, resulted in higher fees and expenses for the affected clients, or both.
- Supervised persons were required to incur all transaction-based charges associated with executing client transactions, which created incentives for the supervised persons to trade less frequently on behalf of their clients.
As part of your policies and procedures, require attestation from your employees about loans and other conflicts.
As part of your annual review, review trading patterns to confirm that they are in your clients’ best interest. Remember to document the results of your testing to substantiate that you conducted that testing.
There is a common theme with this risk alert and many others: inadequate policies and procedures, employee compliance training, and annual review processes are what lead to examination deficiencies. A solid compliance program starts with developing a really good set of policies of procedures that are consistent with the firm’s actual practices, inclusive of all requirements, and easy to understand. A key element to ensuring adherence with the firm’s policies is employee training. Keep your employees up to date with the requirements, and remind them of the importance of adhering to them. If there are violations, use those as a learning opportunity for your staff. Lastly, the annual review is the final component to a strong compliance program. It tests the adequacy of your policies, confirms adherence, and identifies what is working and what is not, so that you can make adjustments to ensure that your compliance efforts are effective and efficient.